Skip to Main Content
< BackMonday, February 1, 2021

The Most Common Bad Password for Smart Devices? No Password At All

In recognition of “Change Your Password Day”, Avira reminds consumers to set passwords on their smart devices. The Avira IoT Honeypot reports that 34% of all cyber attacks on smart devices are because there is no password set.  

February 1 2021 (SAN JOSE, Calif.) - According to Avira's IoT research team, 34% of all cyber attacks on smart devices occur because there are no password credentials set at all. In these IoT attacks, hackers focus on a known vulnerability in a smart TV or smart camera, for example, and try different username/password combinations to crack into the device. The "blank input fields" combination is significantly higher than the number of attacks with other popular username/password combinations, suggesting that many smart devices have blank - and thus easily crackable - credentials.

"The most common credentials used by IoT attacks consist of a blank field. We found this via the Avira smart device honeypot. At the same time, this means that the attackers or their automated scripts do not enter a username or password to access the device," said Imran Khan, Manager Protection Labs & IoT Research Lab at Avira. "A blank password is even more common than the “admin” password," Khan continued. 

Having empty fields for username/password combinations tops among all the total combinations, even more often than the collection of timeless bad password classics (24%) such as“ admin | admin "," support | support ” and“ root | root " and sum of all default credentials (22%) of many smart devices "as root | solokey ”and“ admin | ipcam_rt5350”. 

Password Advice for Smart Device Owners 

Device manufacturers and developers are primarily responsible for addressing potential security vulnerabilities of smart devices such as insecure default credentials. Nevertheless, device owners can take action themselves to make their smart devices more secure. However, the following steps require the user to be a little more technically savvy.  

  • The user manual states how to access the user interface of a smart device such as a camera via the PC. There, the insecure default password can be changed to a secure password. However, this is not so easy to implement on all devices. 

  • Find out online about the known potential security gaps in your device. Many YouTube videos now offer tutorials on this. 

  • Check for firmware updates for your device to fix any known vulnerabilities or problems with your device. 

  • Scan your network for open ports that could attract uninvited hackers. 

  • Finally, since all smart devices are connected via the router in the WLAN, it is important to secure the router itself. Avira recently compiled a collection of tips on how to improve router security.  

The Avira Honeypot  

The specialists from Avira arrived at the above-mentioned findings by means of a so-called honeypot.  Honeypots are a fixed strategic component in the fight against cyber attacks. They enable researchers to attract hackers in order to uncover their latest techniques and preferred targets of attack. 

This honeypot mimics the functions and behaviour of online devices such as routers and smart IoT devices to attract hackers. It makes itself visible on the internet as a supposedly vulnerable device, using three of the most common protocols used by smart devices: Telnet, Secure Shell and Android Debug Bridge.  


### 

Press contact:  James Griffiths, james.griffiths@avira.com 


Important: Your current Windows version is outdated and no longer supported.
For your security, we recommend switching to Windows 10 before downloading Avira software.
Update your Windows version here.
Wichtig: Ihre Windows-Version ist veraltet und wird nicht mehr unterstützt.
Zu Ihrer Sicherheit empfehlen wir Ihnen den Wechsel zu Windows 10 vor dem Download unserer Software.
Hier können Sie Ihr Windows aktualisieren.
Important: Votre version actuelle de Windows est obsolète et n’est plus prise en charge.
Pour votre sécurité, nous vous conseillons de passer à Windows 10 avant de télécharger le logiciel Avira.
Mettez à jour votre version de Windows ici.
Importante: Tu versión actual de Windows está desactualizada y ya no es compatible.
Por tu seguridad, te recomendamos que instales Windows 10 antes de descargar la solución de Avira.
Actualiza aquí tu versión de Windows.
Importante: La tua attuale versione di Windows è obsoleta e non è più supportata.
Per la tua sicurezza, ti consigliamo di passare a Windows 10 prima di scaricare i software Avira.
Aggiorna la tua versione di Windows qui.
Importante: Sua versão atual do Windows está desatualizada e não tem mais suporte.
Para sua segurança, recomendamos que troque para o Windows 10 antes de baixar o software da Avira.
Atualize sua versão do Windows aqui.
Важно: ваша версия Windows устарела и больше не поддерживается.
Из соображений безопасности перед загрузкой ПО Avira мы рекомендуем перейти на Windows 10.
Обновить Windows вы можете здесь.
Belangrijk: Uw huidige versie van Windows is verouderd en wordt niet meer ondersteund.
Voor uw veiligheid adviseren wij u om over te stappen op Windows 10 voordat u de Avira-software downloadt.
Update uw Windows-versie hier.
Önemli: Kullanmakta olduğunuz Windows sürümü eski ve artık desteklenmiyor.
Güvenliğiniz için Avira yazılımını indirmeden önce Windows 10 sürümüne yükseltmenizi öneririz.
Windows sürümünü buradan güncelleyin.
重要 : 現在お使いの Windows バージョンは古いため、サポートされなくなりました。
安全のため、Avira ソフトウェアをダウンロードする前に Windows 10 に切り替えることをお勧めします。
こちらより Windows バージョンをアップデートしてください
重要信息 : 您当前的 Windows 版本已过时,并且不再受支持。
为了安全起见,我们建议您在下载 Avira 软件之前切换到 Windows 10。
在此升级您的 Windows 版本
重要資訊 : 您當前的 Windows 版本已過時,並且不再受支援。
為了安全起見,我們建議您在下載 Avira 軟體之前切換到 Windows 10。
在此升級您的 Windows 版本